Connecting the New World with the Old World via Commerce and Dialog

Tag: Office of Personnel Management

An insider in China has revealed to the Epoch Times that he helped build a database that is now being used to handle Americans’ personal information stolen in cyberattacks.
The FBI revealed on June 4, 2015, that a cyberattack, allegedly from China, stole personal information on close to 21.5 million U.S. federal employees after breaking into the computer files of the Office of Personnel Management (OPM). Subsequent Chinese cyberattacks have also targeted personal data on Americans, including the February 2015 breach of Anthem that stole close to 80 million records.
Speculation began soon after on how the Chinese regime could use the data. A July 2015 report from the Congressional Research Service states “experts in and out of government” suspect the Chinese regime may be building a database on federal employees it could use for espionage.
With a database like this, the Chinese regime can have a systematic roadmap of Americans and their connections, and information it can use to blackmail government employees, recruit insiders as spies, and monitor people who speak out against its policies.
FBI Director James Comey said in a Sept. 10, 2015, hearing on cybersecurity, “There is a significant counterintelligence threat that’s associated” with a nation–state getting hold of the data.
According to the insider, the Chinese Communist Party (CCP) has built the database needed to make use of the massive trove of stolen data. He said that to create the spy database, the CCP brought in a small group of independent software developers from the United States, who worked alongside Chinese security branches to implement the system.
The source requested to have his name withheld, in fear of reprisal from the CCP. Other sources confirmed this man’s identity, and said that he would have access to the kind of information he gave the Epoch Times. In the past, he has provided the Epoch Times with significant information about confidential matters in China that has proven accurate.
(Illustration by Jens Almroth/Epoch Times)
The new system is part of a broader shift in the Chinese regime’s efforts in espionage and social control. With the database, the CCP is now keeping tabs on foreigners in much the same way it has kept tabs on its own citizens, their connections, and their political thoughts.
Chinese spy agencies finished building the system around July 2013. In March 2014, Chinese hackers originally tried, and failed, to breach OPM.
The source said one of the leading organizations involved in the project was the 61 Research Institute, which is one of four known research institutes under the Third Department of the General Staff Department—the branch of the People’s Liberation Army in charge of its military hackers.
The Epoch Times exposed in a previous investigation that the 61 Research Institute is one of the leading organizations behind the CCP’s state-run cyberattacks.
The organization is led by Wang Jianxin, a son of Wang Zheng, who helped establish the CCP’s signals intelligence operations under Mao Zedong.
While the 61 Research Institute’s role in the project ties it to global cyberespionage, the source said many other Chinese domestic security branches were also involved in building the system—including various branches of the police and about six branches of the secret police.
The functions of the spy system, and the departments involved, suggest it will be used not only as a database on foreigners, but also as a system to better monitor Chinese people. The source noted that one of its functions will be to gather information on individuals from all available sources in China, and outside China, that can be used for criminal trials.
“Our intelligence sources corroborate this information,” said Casey Fleming, CEO of BLACKOPS Partners Corporation, which provides cybersecurity intelligence, strategy, and risk reduction to some of the largest companies in the world.
“Our ongoing intelligence gathering shows indication that this database has been in process at least over the last three years—commanded at the highest levels of the Chinese government,” he said in a phone interview.
Big Data Espionage
According to the source, the software used for the database was originally a big data analytics program for smart city measurements, and the CCP altered it for its own uses.

Chinese hackers stole personal information on approxiamtely 21.5 million Americans from the computer files of the U.S. government’s Office of Personnel Management. (Chinamil.com.cn)
What made the software attractive was its powerful functions for gathering information, and showing relationships between data. The source said it was also scalable—enough to hold credentials on every Chinese citizen, and to display everything from their personal data, to data on their family members, relations, and personal background.

The spy database displays data in nodes, which can be displayed by themselves, in relation to other data or events.
The system is capable of ingesting and sorting large amounts of data. The source noted the spy database is even better at this than some open source programs designed for the purpose.
A security service using the system could conduct deep data mining on personal files in the system, to show how individuals relate to one another, even over set timeframes.
The system can also be used to collect data on individuals. The source said it can gather information on people from Chinese security offices, from its own internal database, and from sources abroad, outside the Chinese firewall.
According to the source, getting personal data on foreigners—including Americans—is fairly easy. He said it’s often not necessary for the Chinese regime to use cyberattacks to steal sensitive information.
He said U.S. banks, for example, often hire many people from other countries, and many tech industries do the same. Many of these individuals can be given trusted positions within these companies, and he said it’s not uncommon for some of these individuals to take data out of the companies, and sell it.
It’s not difficult, he said, to create a fairly deep profile on a person using data stolen from just a handful of sources.
The Chinese spy system he helped build, he said, takes this information and organizes it in a form that departments of the Chinese regime can then use—whether it be for industrial espionage, or other purposes.
Fleming said that although the most visible Chinese cyberattacks feeding

This news analysis was originally dispatched as part of Epoch Times China email newsletters. Subscribe to the newsletters by filling your email in the “China D-brief” box under this article.
The first U.S.-China dialogue under a new cybersecurity agreement concluded last week—but what was left unmentioned was much more important than what was said.
According to Xinhua, the official mouthpiece of the Chinese Communist Party, the Chinese representatives claimed they identified the individuals who breached the U.S. Office of Personnel Management (OPM), and explained that “the case turned out to be a criminal case rather than a state-sponsored cyber attack as the U.S. side has previously suspected.”
The statement is unlikely to be a surprise to anyone following cybersecurity. The Chinese regime always denies its involvement in cyberattacks, regardless of evidence. Most interesting is that in a statement giving a brief recap of the meeting, the U.S. Department of Justice gave no mention of the discussion on the OPM hack.
In a way, the Chinese regime has become a boy who cried wolf: it has lied so often that many experts—including many U.S. officials—don’t give its claims much weight.
The Washington Post reported that even prior to the cybersecurity meeting from Dec. 1 to Dec. 2, the Chinese regime claimed it “arrested a handful of hackers it says were connected to the breach” of OPM, yet also cited an unnamed U.S. official stating “we don’t know that if the arrests the Chinese purported to have made are the guilty parties.”
“There is a history [in China] of people being arrested for things they didn’t do or other ‘crimes against the state,’” the official said.
The bilateral meeting between the Chinese Minister of Public Security, the U.S. Secretary of Homeland Security, and the U.S. Attorney General was the first under the new U.S.-China cybersecurity agreement, announced by President Barack Obama and Chinese Communist Party leader Xi Jinping on Sept. 25.
The stance brought to the table by the Chinese representatives was likely well in line with what U.S. officials expected.
John Carlin, assistant attorney general for national security, explained during a Dec. 3 presentation that after the U.S. Department of Justice indicted five Chinese military officers in May 2014 for their involvement in state-run cyberattacks, the Chinese regime altered its line on cybersecurity.
The Chinese regime’s initial response, Carlin said, was of “indignant denials.” Just a year later, however, it’s response moved towards one claiming that they also oppose and combat theft of commercial secrets—and other forms of cyberattacks.
The shift in official line seems to chime with the ancient Chinese saying: “It’s the thief who yells ‘stop thief.’”
Of course, there are plenty of reasons why experts would choose to not believe the Chinese regime’s claims that it arrested hackers, or that it had nothing to do with the breach.
The Chinese regime’s state-sponsored cyberattacks have already been deeply exposed. Most of its military hackers operate out of its General Staff Department, Third Department. In July, the Project 2049 Institute think tank even traced one the Chinese hacker units to a government office in Shanghai.
The OPM breach was tied to several other Chinese state-sponsored cyberattacks, which cybersecurity experts dubbed “Deep Panda.” The same hackers who breached the OPM also breached health insurance company Anthem.
MORE:Murder, Money, and Spies Investigative SeriesCHINA SECURITY: China Reins in Its Hacker Army
The stolen private information is being used by Chinese agencies to build a database on Americans. An insider in China detailed this database, and told Epoch Times that the system for big data analytics is based on the same database the Chinese regime uses for spying on its own people.
It is also possible that Chinese officials were telling a half-truth, and that the hackers behind the OPM breach were not officially under the Chinese regime or its military. But, with bit of background on the Chinese cyber army, this still wouldn’t free them from blame.
The Chinese regime revealed the structure of its cyber army in the 2013 edition of its military publication, “The Science of Military Strategy.” Its cyber army has three tiers: the first being specialized military units, the second being specialists in civilian organizations and government agencies, and the third being groups outside the Chinese regime “that can be organized and mobilized for network warfare operations.”